diff --git a/src/main/java/com/biutag/supervision/repository/supdepart/SupDepartResourceService.java b/src/main/java/com/biutag/supervision/repository/supdepart/SupDepartResourceService.java
index d727c66..cc9871d 100644
--- a/src/main/java/com/biutag/supervision/repository/supdepart/SupDepartResourceService.java
+++ b/src/main/java/com/biutag/supervision/repository/supdepart/SupDepartResourceService.java
@@ -77,4 +77,46 @@ public class SupDepartResourceService extends BaseDAO {
 return departAndSubDepart.stream().collect(Collectors.toMap(DepartAndSubDepartDto::getParentId, dto -> dto));
 }
+
+
+ /**
+ * 根据任意部门ID展开为其下属二级机构ID集合(包含自身如果自身就是二级)
+ * @param departId 可能是二级机构,也可能是其上级
+ * @return 二级机构ID集合
+ */
+ public Set expandToSecondDepartIds(String departId) {
+ if (StrUtil.isBlank(departId)) {
+ return Collections.emptySet();
+ }
+
+ final String SECOND_LEVEL_VALUE = "2";
+
+ // 1) 先查自己
+ SupDepart self = supDepartMapper.selectById(departId);
+ if (self == null) {
+ return Collections.emptySet();
+ }
+
+ // 2) 如果自己就是二级,直接返回
+ if (SECOND_LEVEL_VALUE.equals(String.valueOf(self.getLevel()))) {
+ return new HashSet<>(Collections.singletonList(self.getId()));
+ }
+
+ // 3) 否则:查该部门下直属的二级机构
+ LambdaQueryWrapper wrapper = new LambdaQueryWrapper<>();
+ wrapper.eq(SupDepart::getPid, departId);
+ wrapper.eq(SupDepart::getLevel, SECOND_LEVEL_VALUE);
+
+ List seconds = supDepartMapper.selectList(wrapper);
+ if (CollectionUtil.isEmpty(seconds)) {
+ return Collections.emptySet();
+ }
+
+ return seconds.stream()
+ .map(SupDepart::getId)
+ .filter(StrUtil::isNotBlank)
+ .collect(Collectors.toSet());
+ }
+
+
 }
diff --git a/src/main/java/com/biutag/supervision/service/complaintCollection/ComplaintCollectionServiceImpl.java b/src/main/java/com/biutag/supervision/service/complaintCollection/ComplaintCollectionServiceImpl.java
index 309dc87..ef282f2 100644
--- a/src/main/java/com/biutag/supervision/service/complaintCollection/ComplaintCollectionServiceImpl.java
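Review bot: The Javadoc on `expandToSecondDepartIds` promises expansion from any department ID, but the body only handles two cases: the ID itself when its level is "2", or its direct children via `wrapper.eq(SupDepart::getPid, departId)`. An ancestor two or more levels above the second-level units, or a department below level 2, therefore yields an empty set. The caller in ComplaintCollectionServiceImpl uses this set to narrow an authorization scope and treats an empty result as no access, so this fails closed, but the contract should say so, e.g. `@return second-level IDs for departId itself or its direct children only; empty when departId is blank, unknown, or at any other level`. The self check converts with `String.valueOf(self.getLevel())` while the query passes the string `"2"` to `wrapper.eq(SupDepart::getLevel, ...)`, so the two comparisons rely on different conversions if `getLevel()` is not a String; the field type is not visible in this hunk and should be confirmed.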
+++ b/src/main/java/com/biutag/supervision/service/complaintCollection/ComplaintCollectionServiceImpl.java
@@ -218,10 +218,34 @@ public class ComplaintCollectionServiceImpl implements ComplaintCollectionServic
 }
 if (!AppConstants.USER_TYPE_SUPER.equals(user.getUserType())) {
 if (user.getRoleCodes().contains(RoleCodeEnum.SECOND_ADMIN.getCode())) {
- param.setSecondDepartIds(new HashSet<>(user.getAuthDepartIds()));
+ // 1) 用户可见范围(你说的“显示用户看到信息”)
+ Set visibleSecondIds = new HashSet<>(user.getAuthDepartIds());
+ // 2) 前端如果传了 secondDepartId(可能是二级或上级),展开成“二级机构ID集合”
+ if (StrUtil.isNotBlank(request.getSecondDepartId())) {
+ Set querySecondIds = supDepartResourceService.expandToSecondDepartIds(request.getSecondDepartId());
+ // 3) 取交集:避免越权
+ visibleSecondIds.retainAll(querySecondIds);
+ }
+ // 4) 交集为空:直接无权限/无数据
+ if (CollectionUtil.isEmpty(visibleSecondIds)) {
+ return Result.success(ComplaintCollectionPageVo.noAuthVo());
+ }
+ // 5) 最终生效的查询条件
+ param.setSecondDepartIds(visibleSecondIds);
 } else if (user.getRoleCodes().contains(RoleCodeEnum.THREE_ADMIN.getCode())) {
+ // 三级管理员:不允许看
 return Result.success(ComplaintCollectionPageVo.noAuthVo());
 }
+ }else {
+ // 超管:也支持“前端传上级 -> 展开二级”查询(不做权限交集)
+ if (StrUtil.isNotBlank(request.getSecondDepartId())) {
+ Set querySecondIds = supDepartResourceService.expandToSecondDepartIds(request.getSecondDepartId());
+ if (CollectionUtil.isNotEmpty(querySecondIds)) {
+ param.setSecondDepartIds(querySecondIds);
+ } else {
+ return Result.success(ComplaintCollectionPageVo.noAuthVo());
+ }
+ }
 }
 IPage page = complaintCollectionResourceService.pageQuery(param);
 List records = page.getRecords();
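Review bot: The role chain under `if (!AppConstants.USER_TYPE_SUPER.equals(user.getUserType()))` still ends without a final `else`, so a non-super user whose role codes contain neither SECOND_ADMIN nor THREE_ADMIN reaches `pageQuery(param)` without this block setting `secondDepartIds`. Unless such users are rejected earlier in the method, which starts outside this hunk, the department scoping is fail-open for them. A deny-by-default branch after the THREE_ADMIN case would close that: `} else { return Result.success(ComplaintCollectionPageVo.noAuthVo()); }`. Intersecting with `retainAll` before `param.setSecondDepartIds(visibleSecondIds)` is the right shape for the second-level admin path, and an unresolvable `secondDepartId` correctly ends in `noAuthVo()`. `new HashSet<>(user.getAuthDepartIds())` will throw if that collection can be null, so a guard there may be worth adding.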